Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[WebGuyMike]

HW B1, Firmware flashed to 2.03NA -just purchased new today (Saturday)

All seemed to be fine -setup was quite straightforward, speeds are great, was *VERY* happy on the initial go-round ...then the headache came.
After I manually configured everything, I set my password (no, didn't backup the config  )
My strong password is 16 characters long. (works fine on my dir-655)

Saved it, go to log back in again and no matter what I try: "Invalid Password"
(Might have to log in and out a couple times for it to happen.)
Hard reset is the only way to get back in.

Tried various combination w/ & w/out capcha, power-cycle, clear browser cache & http/s -all with default settings (since I lost my config and kept having to hard-reset).
Seems ok with 1-char, 3-char, & 6-char passwords.  Didn't try others before I ended up here.
Even tried several times with a 3-character pass, then put in the strong, saved, then "Invalid Password"

Anyone got any ideas? 


There's got to be some problem with either the hardware of the firmware.
At least if it provided a character limit.  Looks like I need to guess.

-----------
I'm not going to create a separate password just for this unit.
I'd rather just return it.
Few people are security conscious enough to use passwords on this level, so it's unlikely many people will come across it.

[smlunatick]

I have experienced this before.  I do not believe that this is a hardware issue.  My experience seems to have indicated that someone was somehow changing my router's password.   

[heywhat]

@WebGuyMike: It's not that uncommon to have a "strong" password; what's more common is that people use the *same* strong password everywhere (thereby weakening it).
@smlunatick: I believe it IS a hardware issue...or rather: a firmware issue.

Now, for both of you--and mystified visitors--I have a potential solution (skip to the end of my post if you don't need to know what led to it).

On a DIR-625, I suddenly found myself locked out for months. Reinitializing the firmware was not a good option, since it sits on a corporate network and the technical support onsite...isn't...exactly. I figured someone had changed the password, and eventually we'd discover who did it, or someone would remember. In the interim, the DIR-625 reached "end of life" (sigh) and no later firmware was available (currently, 1.09)...so no clues or support options were forthcoming until a few minutes ago, when I started looking at the router's source code. On the login page, the password we enter is processed by a substr() command, which grabs the first 16 characters of what we type, and ignores the rest:

Code: [Select]

var goodp = document.myform.Password.value.substr(0,16);
Ok, fine; clearly my password is "cut off" at 16 characters before it's sent off to be validated. Now, having been a technician for 20 years, I know that techs make programming mistakes called "one-off" errors, especially when some programming tools start at 0, and others start at 1 (the code above starts at 0). So, I started trying variations of the last password I knew, + or -1 characters from that 16-character limit. After trying a few possible passwords, the router let me in at 15 characters of an expected password. Success!

Why? Well...once you're logged in, you can see the problem is in the source code for the page that accepts your new passwords:

Code: [Select]

<input type="password" id="password1" name="password1" maxlength="15" size="20" ....
The router strictly enforces an internal limit of 15 characters, but the front page's login accepts (unlimited, but prunes to) 16. Whoops! There may be yet another "1-off" issue in a password-padding loop immediately following the first code block (the substr), but I didn't really look into this.

The final recommendation comes down to this: whatever password you--or any visitors to this post--used: prune "what you think it should be" to no more than 15 characters and try again. If it works, your firmware contains the above-described bug..

[Thanks]

After trying a few possible passwords, the router let me in at 15 characters of an expected password. Success!

Thank you SO much for this - I'd tried 8 and 12, figuring it might be limited to one of those values (powers of 2 and such) and a Google search lead me to a bunch of people saying a hard reset was the only way... then I saw this, pruned my password back to 15 characters and it worked.  I never would have thought of a one-off error, so you saved me the huge pain in the ass of reconfiguring every single setting on the router.

THANKS!